「Jenkins」- Note that ‘frame-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

  CREATE BY JENKINSBOT
原文链接:「Jenkins」- Note that ‘frame-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
文章分类:「Continuous_Delivery:Jenkins_-_An_Automation_Server:z.Error_List_(Jenkins):Blocked_script_execution」
文章标识:「182d262c」

问题描述

在 Jenkins 中,当访问测试报告时,页面无法正常显示(页面没有显示内容)。浏览器控制台显示如下错误消息:

...
Refused to frame 'https://jenkins.example.com/' because it violates the following 
Content Security Policy directive: "default-src 'none'". Note that 'frame-src' was 
not explicitly set, so 'default-src' is used as a fallback.

Blocked script execution in '<URL>' because the document's frame is sandboxed and 
the 'allow-scripts' permission is not set.
...

软件版本:Jenkins 2.274 in Docker

解决方案

方案一、放宽规则(不推荐)

在 Script Console 中,执行 System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "") 脚本,以此来解决问题。

但是该方法放宽规则,官方并不鼓励该做法。并且我们使用该方法也没有生效,可能在新版本 Jenkins 中被废弃。

方案二、Resource Root URL(推荐)

官方推荐的方法:
1)为 Jenkins 服务再绑定新域名(当然要配置 Nginx 指向 Jenkins 服务);
2)并在 Manage Jenkins / Configure System / .. / Resource Root URL 中填写带地址;

参考文献

Configuring Content Security Policy
html – because the document’s frame is sandboxed and the ‘allow-scripts’ permission is not set – Stack Overflow
javascript – Blocked script execution in because the document’s frame is sandboxed – Angular application – Stack Overflow